They go after applications, not networks, and take fewer resources to execute. So criminals are getting a good ROI by attacking smaller companies.

CIO | Dec 8, 2011 1:25 PM PT

Distributed denial of service (DDoS) attacks aren’t what they used to be … and that’s not good. They used to come only from armies of bots aimed at large organizations, sometimes for political reasons and sometimes for extortion. Now DDoS attacks are more targeted and need far fewer resources, which means organizations of all sizes are now at risk.

The classic DDoS attack relies on brute force to shut down network traffic to a site. Because these attacks required a large number of bots, attackers typically went after only large enterprises. Even criminals are concerned with ROI, and they needed a sizeable payoff for an attack to be worth it. Attacks of this type played a part in both the recent South Korean and Russian elections – in these cases the ROI is measured in political power.

Now the attacks are moving from the network level to the application level. “They find a soft spot in an application then exploit it,” says Marc Gaffan, co-founder of Incapsula – one of several companies providing DDoS mitigation services. Unlike the old-model attack, this doesn’t stop people from getting to a website, but using it is pretty much impossible. This attack requires far fewer bots and costs a lot less money, so attackers can target smaller organizations. “They can blackmail any size website,” says Gaffan.

No surprise then that the number of DDoS attacks has skyrocketed. According to a report by Prolexic, another service provider, “The volume of packets-per-second (PPS) has almost quadrupled compared to Q3 2010, illustrating a significant increase in the size and diversity of attacks over the past 12 months.”

The standard way of dealing with DDoS was for a company to install a network firewall designed for this. However, those require a lot of work to manage and maintain. That’s not a problem for large companies, which can afford to devote IT resources to this. The newer mitigation services get around this via cloud-based technology. Typically they redirect traffic to their servers, scrub it and then send the legitimate traffic to the client. This model has cut prices, making DDoS mitigation and prevention an option for most firms doing business on the web.